You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

106 lines
5.5 KiB

  1. package policy
  2. /*
  3. * MinIO Cloud Storage, (C) 2016 MinIO, Inc.
  4. *
  5. * Licensed under the Apache License, Version 2.0 (the "License");
  6. * you may not use this file except in compliance with the License.
  7. * You may obtain a copy of the License at
  8. *
  9. * http://www.apache.org/licenses/LICENSE-2.0
  10. *
  11. * Unless required by applicable law or agreed to in writing, software
  12. * distributed under the License is distributed on an "AS IS" BASIS,
  13. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. * See the License for the specific language governing permissions and
  15. * limitations under the License.
  16. */
  17. import (
  18. "encoding/base64"
  19. "fmt"
  20. "net/http"
  21. "testing"
  22. "time"
  23. )
  24. // Test Post Policy parsing and checking conditions
  25. func TestPostPolicyForm(t *testing.T) {
  26. pp := NewPostPolicy()
  27. pp.SetBucket("testbucket")
  28. pp.SetContentType("image/jpeg")
  29. pp.SetUserMetadata("uuid", "14365123651274")
  30. pp.SetKeyStartsWith("user/user1/filename")
  31. pp.SetContentLengthRange(1048579, 10485760)
  32. pp.SetSuccessStatusAction("201")
  33. type testCase struct {
  34. Bucket string
  35. Key string
  36. XAmzDate string
  37. XAmzAlgorithm string
  38. XAmzCredential string
  39. XAmzMetaUUID string
  40. ContentType string
  41. SuccessActionStatus string
  42. Policy string
  43. Expired bool
  44. expectedErr error
  45. }
  46. testCases := []testCase{
  47. // Everything is fine with this test
  48. {Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", SuccessActionStatus: "201", XAmzCredential: "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: nil},
  49. // Expired policy document
  50. {Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", SuccessActionStatus: "201", XAmzCredential: "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", Expired: true, expectedErr: fmt.Errorf("Invalid according to Policy: Policy expired")},
  51. // Different AMZ date
  52. {Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "2017T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
  53. // Key which doesn't start with user/user1/filename
  54. {Bucket: "testbucket", Key: "myfile.txt", XAmzDate: "20160727T000000Z", XAmzMetaUUID: "14365123651274", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
  55. // Incorrect bucket name.
  56. {Bucket: "incorrect", Key: "user/user1/filename/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
  57. // Incorrect key name
  58. {Bucket: "testbucket", Key: "incorrect", XAmzDate: "20160727T000000Z", XAmzMetaUUID: "14365123651274", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
  59. // Incorrect date
  60. {Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "incorrect", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
  61. // Incorrect ContentType
  62. {Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "14365123651274", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "incorrect", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed")},
  63. // Incorrect Metadata
  64. {Bucket: "testbucket", Key: "user/user1/filename/${filename}/myfile.txt", XAmzMetaUUID: "151274", SuccessActionStatus: "201", XAmzCredential: "KVGKMDUQ23TCZXTLTHLP/20160727/us-east-1/s3/aws4_request", XAmzDate: "20160727T000000Z", XAmzAlgorithm: "AWS4-HMAC-SHA256", ContentType: "image/jpeg", expectedErr: fmt.Errorf("Invalid according to Policy: Policy Condition failed: [eq, $x-amz-meta-uuid, 14365123651274]")},
  65. }
  66. // Validate all the test cases.
  67. for i, tt := range testCases {
  68. formValues := make(http.Header)
  69. formValues.Set("Bucket", tt.Bucket)
  70. formValues.Set("Key", tt.Key)
  71. formValues.Set("Content-Type", tt.ContentType)
  72. formValues.Set("X-Amz-Date", tt.XAmzDate)
  73. formValues.Set("X-Amz-Meta-Uuid", tt.XAmzMetaUUID)
  74. formValues.Set("X-Amz-Algorithm", tt.XAmzAlgorithm)
  75. formValues.Set("X-Amz-Credential", tt.XAmzCredential)
  76. if tt.Expired {
  77. // Expired already.
  78. pp.SetExpires(time.Now().UTC().AddDate(0, 0, -10))
  79. } else {
  80. // Expires in 10 days.
  81. pp.SetExpires(time.Now().UTC().AddDate(0, 0, 10))
  82. }
  83. formValues.Set("Policy", base64.StdEncoding.EncodeToString([]byte(pp.String())))
  84. formValues.Set("Success_action_status", tt.SuccessActionStatus)
  85. policyBytes, err := base64.StdEncoding.DecodeString(base64.StdEncoding.EncodeToString([]byte(pp.String())))
  86. if err != nil {
  87. t.Fatal(err)
  88. }
  89. postPolicyForm, err := ParsePostPolicyForm(string(policyBytes))
  90. if err != nil {
  91. t.Fatal(err)
  92. }
  93. err = CheckPostPolicy(formValues, postPolicyForm)
  94. if err != nil && tt.expectedErr != nil && err.Error() != tt.expectedErr.Error() {
  95. t.Fatalf("Test %d:, Expected %s, got %s", i+1, tt.expectedErr.Error(), err.Error())
  96. }
  97. }
  98. }